libcrypto failure on Openssh
Michael Wojcik
Michael.Wojcik at microfocus.com
Tue Feb 28 14:38:50 UTC 2023
> From: Hareesh Das Ulleri <hareesh.ulleri at ovt.com>
> Sent: Monday, 27 February, 2023 23:15
>
> Sorry for the confusion. This is during OpenSSH authentication, a child
> process which does not have any privileges (e.g. file open) and it is supposed
> to do the authentication, that means it calls Libcrypto Cipher functions. In this
> case even file reopen won't work since the process has no privileges to do this.
>
> Is it mentioned, or has anyone attempted, how OpenSSL is supposed to handle this
> case?

OpenSSL isn't. This is your problem. Your provider has a limitation which prevents it from working in certain use cases.
The obvious fix is to correct the permissions on your device node so it can be opened by the unprivileged process.
There are other possibilities (e.g. descriptor passing), but generally they introduce complexity for little or no additional security.
--
Michael Wojcik
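
The descriptor-passing alternative mentioned in the reply above, as an added example that is not part of the original message and is not OpenSSL, OpenSSH or provider code. A parent opens the node and hands the open descriptor to a child over a UNIX-domain socket with SCM_RIGHTS, so the child never calls open(). Assumptions: the function names are hypothetical, `/dev/null` stands in for the provider's device node, and no real privilege drop is performed.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send one open descriptor over a UNIX-domain socket via SCM_RIGHTS. */
static int send_fd(int sock, int fd) {
    _Alignas(struct cmsghdr) char ctrl[CMSG_SPACE(sizeof(int))] = {0};
    struct iovec iov = { .iov_base = &(char){'F'}, .iov_len = 1 }; /* dummy byte */
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl, .msg_controllen = sizeof ctrl };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor; returns it, or -1 if none was attached. */
static int recv_fd(int sock) {
    _Alignas(struct cmsghdr) char ctrl[CMSG_SPACE(sizeof(int))];
    int fd = -1;
    struct iovec iov = { .iov_base = &(char){0}, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctrl, .msg_controllen = sizeof ctrl };
    if (recvmsg(sock, &msg, 0) != 1) return -1;   /* EOF: parent sent nothing */
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Parent opens path; child uses the received descriptor and never calls open(). */
int demo_pass_fd(const char *path) {
    int sv[2], status = -1;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                      /* stands in for the unprivileged child */
        close(sv[0]);                    /* required so a parent failure yields EOF */
        int fd = recv_fd(sv[1]);
        _exit(fd >= 0 && write(fd, "x", 1) == 1 ? 0 : 1);
    }
    close(sv[1]);
    int dev = open(path, O_RDWR);        /* stands in for the privileged parent */
    if (dev >= 0) { send_fd(sv[0], dev); close(dev); }
    close(sv[0]);
    waitpid(pid, &status, 0);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}
```

The socket pair, the extra close() calls and the failure path are the added complexity the reply refers to; changing the node's permissions needs none of it.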